Lucene search

MitreCVE-2014-7980

HistoryOct 08, 2014 - 6:55 p.m.

CVE-2014-7980

2014-10-0818:55:04

CWE-79

mitre

web.nvd.nist.gov

cve-2014-7980

cross-site scripting

xss

zen theme

drupal

remote authenticated users

web security

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified other theme settings.

Affected configurations

Nvd

Node

drupalzenMatch7.x-3.0

drupalzenMatch7.x-3.1

drupalzenMatch7.x-3.2

drupalzenMatch7.x-5.0

drupalzenMatch7.x-5.1

drupalzenMatch7.x-5.2

drupalzenMatch7.x-5.3

drupalzenMatch7.x-5.4

VendorProductVersionCPE
drupalzen7.x-3.0cpe:2.3:a:drupal:zen:7.x-3.0:*:*:*:*:*:*:*
drupalzen7.x-3.1cpe:2.3:a:drupal:zen:7.x-3.1:*:*:*:*:*:*:*
drupalzen7.x-3.2cpe:2.3:a:drupal:zen:7.x-3.2:*:*:*:*:*:*:*
drupalzen7.x-5.0cpe:2.3:a:drupal:zen:7.x-5.0:*:*:*:*:*:*:*
drupalzen7.x-5.1cpe:2.3:a:drupal:zen:7.x-5.1:*:*:*:*:*:*:*
drupalzen7.x-5.2cpe:2.3:a:drupal:zen:7.x-5.2:*:*:*:*:*:*:*
drupalzen7.x-5.3cpe:2.3:a:drupal:zen:7.x-5.3:*:*:*:*:*:*:*
drupalzen7.x-5.4cpe:2.3:a:drupal:zen:7.x-5.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
drupal	zen	7.x-3.0	cpe:2.3:a:drupal:zen:7.x-3.0:::::::*
drupal	zen	7.x-3.1	cpe:2.3:a:drupal:zen:7.x-3.1:::::::*
drupal	zen	7.x-3.2	cpe:2.3:a:drupal:zen:7.x-3.2:::::::*
drupal	zen	7.x-5.0	cpe:2.3:a:drupal:zen:7.x-5.0:::::::*
drupal	zen	7.x-5.1	cpe:2.3:a:drupal:zen:7.x-5.1:::::::*
drupal	zen	7.x-5.2	cpe:2.3:a:drupal:zen:7.x-5.2:::::::*
drupal	zen	7.x-5.3	cpe:2.3:a:drupal:zen:7.x-5.3:::::::*
drupal	zen	7.x-5.4	cpe:2.3:a:drupal:zen:7.x-5.4:::::::*

References

drupal.org/node/2254925

secunia.com/advisories/58318

www.securityfocus.com/bid/67175

www.drupal.org/node/2254835

www.drupal.org/node/2254837

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON

Related for CVE-2014-7980